ltb-project/self-service-password

ltb-project/self-service-password

self-service-password.readthedocs.io

Releases23

Frequency5 months 3 weeks

Last Release 17 days ago

Stars1.31K

Web interface to change and reset password in an LDAP directory

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-53958 ↗	Dec 19, 2025Friday, 19 December 2025, 21:15	7.5 HIGH	—
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
CVE-2023-49032 ↗	Dec 21, 2023Thursday, 21 December 2023, 00:15	9.8 CRITICAL	—
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.
CVE-2018-12421 ↗	Jun 14, 2018Thursday, 14 June 2018, 19:29	—	5 MEDIUM
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.